Improve security and privacy by updating HTTP Cache
Forgetting or misusing the Cache-Control header may negatively impact the security of your website and your users' privacy.
Use the Reporting API to monitor security violations, deprecated API calls, and more.
A new version of the Reporting API is available. It's more private and more likely to be supported across browsers.
The new Sanitizer API aims to build a robust processor for arbitrary strings to be safely inserted into a page.
Learn more about headers that can keep your site safe and quickly look up the most important details.
FLoC enables ad selection without sharing the browsing behaviour of individual users.
How to deploy a CSP based on script nonces or hashes as a defense-in-depth against cross-site scripting.
Cross-origin isolation enables a web page to use powerful features such as SharedArrayBuffer. This article explains how to enable cross-origin isolation on your website.
Sometimes, you need to run your local development site with HTTPS. Tools and tips to do this safely and quickly.
Using http://localhost for local development is fine most of the time, except in some special cases. This post explains when you need to run your local development site with HTTPS.
Maximize conversions by helping your users complete address and payment forms as quickly and easily as possible.
Help your users sign up, log in and manage their account details with a minimum of fuss.
Learn how to optimize your SMS OTP form and improve user experience.
The definition of "same-site" is evolving to include the URL scheme, so links between HTTP and HTTPS versions of a site now count as cross-site requests. Upgrade to HTTPS by default to avoid issues where possible or read on for details of what SameSite attribute values are needed.
Mitigate the risks associated with unintentional exposure of devices and servers on a client’s internal network to the web at large.
Redirect requests for `/.well-known/change-password` to the change-password URL.
While JavaScript is fairly forgiving in cleaning up after itself, static languages are definitely not…
Best practices to set your Referrer-Policy and use the referrer in incoming requests.
A summary of the major news and updates that were announced during our 3-day online community event, and a reminder about upcoming regional events.
Use cross-platform browser features to build sign-in forms that are secure, accessible and easy to use.